Eugenia Estes reports: Annual state-mandated assessment testing did not get off to the best start this week for many systems, including Greene County Schools, due to what is being investigated as a cyber attack on the company that handles online TN Ready testing for the state. Although there were some disruptions to the testing for…
Category: Subcontractor
MedWatch LLC notifies members whose protected health information was exposed on the internet
Florida-headquartered MedWatch, LLC is a care management company, providing risk management solutions to the self-funded health plan market. On or about April 13, they started notifying their clients’ health plan members after learning that a vendor misconfiguration error had exposed protected health information between October 20, 2017 and December 15, 2017. MedWatch did not name…
Personal information of 1 million potential college applicants ‘exposed inadvertently’
Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
A covered entity’s responsibility to monitor a business associate is…. what?
There is yet another really informative post by Jeff Drummond of Jackson Walker. This one is about a CE’s responsibility to actively monitor a BA’s compliance. Jeff writes, in part: Lexology today led me to this article by Adam Green’s crew at Davis Wright Tremaine. It turns out, there is specific language in the December…
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…